secr — Secrets management & NHI governance
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The plugin largely matches its secrets-management purpose, but it deserves review because it handles agent secrets, fails open when its gateway cannot initialize, and may audit or log sensitive context.
Install only if you trust secr with the relevant secret and tool-audit data. Use least-privilege allowlists, keep materializeOnStartup disabled unless needed, avoid debug mode with token-based config, and decide whether the fail-open gateway behavior is acceptable for your environment.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
56/56 vendors flagged this plugin as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The plugin can access secrets permitted by the configured secr token, org, project, and environment binding.
The plugin is intended to use a delegated secr agent token and broker allowlisted secrets, which is expected for this integration but is high-impact credential authority.
"description": "Brokers credentials ... Required: SECR_AGENT_TOKEN env var."
Use a least-privilege SECR_AGENT_TOKEN, verify the org/project/environment scope, and prefer the env var over storing the token directly in config.
A misconfigured token, missing identity file, service outage, or gateway error could allow a tool call that the secr policy would otherwise deny or require approval for.
If gateway initialization fails, the hook allows the tool call instead of blocking or requiring approval, despite the plugin being advertised as enforcing gateway policy.
console.warn(`[secr] gateway init failed, allowing tool '${toolName}':`, err?.message ?? err); return; // fail openDo not rely on this as the only enforcement layer unless fail-open is acceptable; ask the publisher for a fail-closed mode or clear runtime alerting.
Tool arguments may contain tokens, private content, commands, URLs, file paths, or business data that could enter secr gateway audit logs.
The plugin reports tool-call parameters to the gateway, but redaction is limited to exact top-level key names, so nested values, case variants, and sensitive payload fields may be recorded.
out[k] = SENSITIVE_PARAM_KEYS.has(k) ? "[REDACTED]" : v; ... gateway.reportToolCall({ toolName, parameters: redactParameters(params), status: "success" });Treat the secr audit destination as trusted, avoid placing secrets in tool arguments, and request deeper case-insensitive/nested redaction or configurable audit scoping.
If a token is stored in plugin config, enabling debug mode could leave that credential in /tmp/secr-plugin-debug.log.
When debug mode is enabled, the plugin writes the full pluginConfig object to a persistent local temp log without redaction; the plugin schema permits token configuration.
if (process.env.SECR_PLUGIN_DEBUG) { ... pluginConfig: ctx?.pluginConfig, ... fs.appendFileSync("/tmp/secr-plugin-debug.log", line); }Avoid SECR_PLUGIN_DEBUG when tokens may be in config, redact pluginConfig before logging, restrict log permissions, and delete debug logs after troubleshooting.